The Chief Privacy Officer (“CPO”) shall oversee all ongoing activities related to the development, implementation and maintenance of the company’s privacy policies and programs in accordance with applicable laws. Reporting to the General Counsel, this position will also provide strategic direction to the company regarding existing and emerging privacy and data protection laws.
- Builds a strategic and comprehensive privacy program, including appropriate policies and procedures, to enable consistent, effective data privacy practices; to minimize privacy risk; and to ensure the confidentiality of personal data. Ensures privacy forms, policies, standards, and procedures are up-to-date and compliant with laws applicable to the organization.
- Working closely with the CISO, CIO, CCO and other individuals with privacy and data handling responsibilities in the organization, sets strategy and develops global and regional approaches to complex privacy matters involving systems, processes and data handling activities.
- Works with senior management and the corporate compliance officer to establish governance for the privacy program.
- Collaborates with the Information Technology (IT) department to ensure alignment between security and privacy compliance programs including policies, practices, investigations; acts as a liaison to the IT department.
- Establishes, with the IT department, systems to track, investigate and report inappropriate or unauthorized access, loss or disclosure of personal data.
- Performs or oversees initial and periodic privacy risk assessment/analysis, mitigation and remediation.
- Conducts related ongoing compliance monitoring activities in coordination with the company’s other compliance and operational assessment functions.
- Oversees and develops initial and ongoing privacy training for the workforce.
- Participates in the development, implementation, and ongoing compliance monitoring of all facets of the privacy program to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Where necessary or appropriate, represents the organization before data protection authorities and other relevant regulators and agencies.
- Manages all required breach determination and notification processes under laws applicable to the organization.
- Establishes and administers a process for investigating and acting on privacy and security complaints when raised by individuals or regulators.
- With the Human Resources department, ensures consistent application of sanctions for violations of privacy policies.
- Initiates, facilitates and promotes activities to foster data privacy awareness within the organization and related entities.
- Maintains current knowledge of applicable global data privacy and security laws and accreditation standards.
- Works with legal counsel, government affairs, and other related internal functions to represent the company’s interests with regulators regarding data privacy legislation, regulations, or standards.
- Serves as a data privacy resource to the organization regarding release of information and to all departments for all privacy-related issues.
- Reports on a periodic basis regarding the status of the privacy program and privacy risks to senior management and other responsible committees.
- Law degree and/or Master’s degree in regulatory/healthcare compliance preferred
- At least 10 years’ experience in the privacy profession, including time in or advising pharmaceutical companies on healthcare privacy-related activities
- In-depth knowledge of global privacy laws related to the pharmaceutical industry
- In-depth knowledge of legal, regulatory, compliance and business environment for the pharmaceutical industry
- Experience with building and implementing a global privacy program
- Experience dealing with European entities and data protection authorities
- Demonstrated ability to work collaboratively within an organization with senior leaders
- Excellent oral and written communication skills